We use the product for endpoint protection against viruses, malware and ransomware technologies.
Offers good protection against malware, but the price could be better
Pros and Cons
- "The solution has all the standard features you would expect for endpoint protection."
- "The price of the product could be more friendly."
What is our primary use case?
What is most valuable?
The solution has all the standard features you would expect for endpoint protection.
What needs improvement?
The price of the product could be more friendly.
For how long have I used the solution?
I have been using the solution for one year now.
Buyer's Guide
Check Point Harmony Endpoint
November 2024
Learn what your peers think about Check Point Harmony Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
815,854 professionals have used our research since 2012.
What do I think about the stability of the solution?
We have had no problems with stability so far.
What do I think about the scalability of the solution?
The solution isn't very scalable, it's a PC, and it's all endpoint.
Currently, there are 2000 users of this product in my company. This number can change in the future due to company growth. Next year, each employee at the company will have a notebook and each notebook will have this software installed in it. If the headcount increases, the license will increase accordingly.
Which solution did I use previously and why did I switch?
We previously used McAfee for endpoint protection, it was a corporate decision to switch. This could have been due to a cost or technology issue.
How was the initial setup?
Installation is straightforward, it took our IT department 20 minutes.
The product has very fast deployment, as we roll out the product in batches. These batches can vary between one and hundreds. This number depends on how the team schedules the roll-out, as each roll-out is customized to match the bandwidth requirements.
What about the implementation team?
We used an in-house team to implement the solution.
What's my experience with pricing, setup cost, and licensing?
We implement this solution with a yearly subscription and there are no extra costs.
What other advice do I have?
I would recommend Microsoft Defender for Endpoint over this solution.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Specialist at Tech Mahindra Limited
Good ransomware protection and URL filtering but support needs to be more knowledgable
Pros and Cons
- "It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response."
- "The solution has limitations if it's hosted on-prem or as a SaaS."
What is our primary use case?
The solution is primarily used for protecting endpoints.
Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape.
It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response. This way, your organization gets all the endpoint protection it needs, at the quality it deserves, in a single, efficient, and cost-effective solution and able to detect/block/monitor and response to any malicious activity happening on the endpoint. With the single agent deployed on the endpoint, it's able to provide complete EDPR functionality with help of multiple security features/modules.
How has it helped my organization?
Harmony Endpoint provides complete EDPR functionality using multiple modules/features which are available with the solution such as Compliance, Anti-Malware, Media Encryption and Port Protection, Firewall and Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering. Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensic, Threat Emulation, and Anit-Exploit.
We are able to protect endpoints from any next generation of attack and modules can be enabled/disabled based on organization requirements. Harmony Endpoint is able to detect/block/monitor and mitigate attacks at an endpoint using logs which is been captured by an agent installed on the endpoint.
Agents send telemetry/metadata to a centralized console for forensic purposes. Policies for the endpoints can be created based on the user name or endpoint.
Integration with a threat intel platform for blocking any attack at an early stage is great. The complete solution can be hosted on-prem or via SaaS - a cloud remote access VPN is provided as default in base licence.
Different policy servers can be configured and hosted at each location so the agent does not have to reach a central location to take policy updates. Policy servers are created using OVF file which can be installed on any virtual platform such as VMware. This offers a more secure way of communication between the policy server and the management console (using certificate/SIC communication).
Agent footprints are low on endpoints and integration with other security solutions is great for sharing threat intel within an organizational network or over the cloud. Anti-ransomware modules are very strong and are able to detect any ransomware attacks at a very early stage.
The host-based firewall policy configuration is simple.
What is most valuable?
- Host Firewall
- Application Control
- Compliance NGAV: Prevent Attacks Before They Run
- Anti-Malware
- ML based NGAV
GAV: Runtime Detection and Protection- Anti-Ransomware
- Behavioral Guard
- Anti-Bot
- Anti-Exploit
Web Protection- Zero-day Phishing site protection
- Corporate Password Reuse Protection
- URL Filtering
- Malicious site protection
Attack Investigation and Response- Forensics collection and detection
- Forensics report – incident visibility, MITRE mapping
- Automated attack chain full sterilization
- Ransomware encrypted files restoration
- Threat Hunting
Data Protection- Host Encryption
- Media encryption and port protection
Mobile Protection- iOS Protection
- Android Protection
Centralized Management- Cloud Management
- On-Prem Management
The solution allows us to reduce the attack surface via:
What needs improvement?
The solution has limitations if it's hosted on-premise or as a SaaS. You need to plan accordingly on the model that suits the organization. On-Premise, for example, does not support threat hunting. Hosting on the cloud will have an impact on the user who is connecting to a central location for internet access as it will add infra cost.
We also need to look over the expertise of the support executives who require more training and focus as well in this service area and if we can think over the cost of the product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Check Point Harmony Endpoint
November 2024
Learn what your peers think about Check Point Harmony Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
815,854 professionals have used our research since 2012.
Supervisor Tecnico at Grupo MCoutinho
Great URL filtering and management with very good licensing tiers
Pros and Cons
- "We're able to secure all endpoints and manage them from a single console."
- "Sometimes, with a lot of clients (1,000) the UI is a bit sluggish."
What is our primary use case?
We're using the product to secure our endpoint users internally and for a hybrid workplace setting.
We wanted to replace Windows Defender with a more professional solution and, after checking some vendors, we opted for Check Point since we've been using their firewall product for quite some time.
The license tier is also nice as we can buy licenses to specific cases and save some money on that end.
The inclusion of URL filtering was a plus since we replaced another product we used in the company.
How has it helped my organization?
We're able to secure all endpoints and manage them from a single console.
Being able to set policies linked to Active Directory objects made the administration of the platform much simpler and the documentation of those policies very easy. We can just change a setting on Active Directory and the computer gets a totally different policy in a matter of minutes. Of course, this syncronization time must be set up in advance on an agent machine. However, it is a very easy task to do.
The drive encryption was another feature we implemented with the product.
What is most valuable?
The management of all endpoint settings from a single portal does not need to use more than this one to set all the policies. We used the deployment of this product to push drive encryption to some of the more sensitive users of the company since we haven't had any solution to this problem.
We're also using application control to block some unwanted apps from being executed on clients, however, sometimes the management of those apps can be a little time-consuming due to newer versions being released often.
What needs improvement?
The lack of time setting for policy application, for example, from 8 am to 9 am, to have a policy applied and then from 9 am to 10 am for another one.
A more responsive UI would be nice. Sometimes, with a lot of clients (1,000) the UI is a bit sluggish.
The operation of reinstalling a machine also requires a bit of work since we have to delete the object before installing the app on a formatted operating system. It should be able to lock settings and licenses to the machine ID that never changes with an OS installation.
For how long have I used the solution?
I've used the solution for one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security Manager at a manufacturing company with 1,001-5,000 employees
Great threat emulation and threat extraction features with helpful forensics
Pros and Cons
- "The forensics allows us to search retrospectively for an URL or file opened by users, for example, when you need to quickly check who else has clicked on a phishing link."
- "Unfortunately, the web (cloud) management system and log search performance are quite bad."
What is our primary use case?
We use Harmony on every PC to add additional protection primarily to file downloads. We use it alongside our classic AV solution (non-Check Point). Every file is scanned via Threat Emulation (virtual sandboxing) and Threat Extraction (sanitizing files by removal of active content).
The anti-phishing module scans every new web form, that the user is trying to enter data in. Based on visual similarities to known sign-in websites (like Microsoft Azure's) it blocks the phishing ones that are similar.
The forensics module allows us to retrospectively search for a wide number of events on all PCs (for example for now-known malicious URLs or files)
How has it helped my organization?
Harmony mainly filled the gap in e-mail security, allowing us to check what the user has clicked (and blocks it when needed).
It also has a nice phishing form detection blocking users from entering their credentials on many real-life phishing websites.
The forensic log search (as described above) allows us to quickly do a retrospective search for a file or URL that we found malicious.
The features come in handy during Covid-related extended remote work times, when we were able to provide better security to our employees working off-premises.
What is most valuable?
The most valuable features are threat emulation and threat extraction. Despite some false positives, it gives quite good security for file downloading.
Phishing form detection based on on-site similarity (not only on URL) has at least 50% efficiency in real-life examples that passed our antispam systems (and most of the false negatives are pretty general forms, which are not so convincing to the user).
The forensics allows us to search retrospectively for an URL or file opened by users, for example, when you need to quickly check who else has clicked on a phishing link.
What needs improvement?
Unfortunately, the web (cloud) management system and log search performance are quite bad. Sometimes it takes longer to perform simple tasks and scrolling the results of the log is annoying due to frequent refreshes.
The exception management was always the Achilles' heel of Check Point products. It was a bit improved in Harmony, still, you can't for example exclude a site from anti-phishing form checks (which could take a few secs) while not excluding it from attachment scanning.
The forensics module still doesn't allow for HTTPS URLs entered by users. You are limited to DNS search or IP lookup. This doesn't make sense from a technical standpoint as the URLs are passing Harmony checks so they are known to the solution.
Anti-phishing cannot scan a form located inside an HTML e-mail attachment (which is a common practice in real-life attacks).
For how long have I used the solution?
I've used the solution for one year.
What do I think about the scalability of the solution?
Cloud management performance is sometimes quite bad for day-to-day tasks, although it is not related to the number of endpoints.
How was the initial setup?
If you limit browser extension via GPO, there might be conflicts with Harmony's that generally overwrites your config in some modes (per user vs per device enforcement).
What's my experience with pricing, setup cost, and licensing?
Pricing isn't cheap, especially if you want to extend forensic log retention period from default one week.
What other advice do I have?
It's still being actively developed and still needs some improvement.
In general, it's quite good now regarding security and might get even better.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Engineer at a financial services firm with 51-200 employees
Resilient by design, provides redundancy, and offers ongoing constant improvements
Pros and Cons
- "We love that we don't have to upgrade it anymore. They take care of that."
- "It would be ideal if they had a migration tool of some sort."
What is our primary use case?
There have been improvements in the way our organization functions, as, from an administrative perspective, and being available and taking upgrades out of our court if our users need it, it's going to be out there hanging off of AWS's internet or environment. There is no downtime.
Theirs (AWS) is probably more highly available than ours. Other than that, it's supposed to be the same product that we were using. It's a Check Point Management Station to a Check Point Management Station in the cloud. Basically, it's not that much of a difference. We have upgraded all the clients since, and we're on one of the later versions of the VPN clients that are supported by the new Management Station. The old Management Station wasn't supporting the newer clients anymore.
The new clients seem to be faster and more stable. Those are improvements that everyone in the company can appreciate. They can VPN and connect faster. They're more resilient. I've noticed that they try to reconnect. If our internet goes out for 20 minutes and you VPN'd in, it will actually reconnect on its own at the same token, which is amazing. Before, if only the slightest instability of the internet connection disconnected you from VPN, you were then required to put in your RSA token and password, and username. That is annoying for people as a lot of people's WiFi's aren't that great and/or they're in some airport or something and might momentarily disconnect.
What is most valuable?
We love that we don't have to upgrade it anymore. They take care of that.
The upgrade process was nice with the new Management Station compared to the old one. I like how they have the clients already available. I didn't have to download them and upload them as I did with the old Management Station.
We're happy with the solution overall as it takes away the administrative overhead of operating it and patching it and being able to also sign in through the web browser anywhere as opposed to just having to VPN back to our work and connect to the Management Station in order to use it. We can just use the Check Point portal and just use any browser anywhere. That gives us more options, which we like.
I've noticed they're constantly updating the interface and making it easier to use, which I appreciate. When we first started using it, it was really laggy and it was really slow and it was hard to sort some of the computers and users, however, they make updates almost every time that I log in. It gets better and better every day. It has gotten better and it's not as slow as it was.
There seem to be constant improvements happening, which you can't say for everything. We don't have to upgrade to get the benefits of the improvements, either. That takes a lot off of our plate and allows us to focus on other things. We're taking the good with the bad and the bad seem to be one-offs and we're looking forward to the future.
Therefore, the most valuable feature is its ability to take the management and the administration of the product off of our plate and onto their plate. We don't have to worry about upgrading it, creating downtime, working off-hours, doing all the research and stress of seeing if it's compatible, if there are problems, letting them test it. That's nice. Previously, we would upgrade our products or patch them maybe two to four times a year, depending on if there's a security vulnerability. Each time we do something like that, it was about three to four hours of downtime. Now, that process doesn't exist.
Before, with on-premise, we had two Management Stations. One was primary, one was secondary and there were two different data centers in case one data center was down. The other one would come up and be the Management Station for all of the clients. Now, in this case, we only have one. It's in their cloud. Their cloud is in AWS. It's a great thing. It's resilient by design and it provides redundancy in a single source of administration for us. We like that too
What needs improvement?
It would be ideal if they had a migration tool of some sort.
There were some caveats that we encountered on the new Management Station. For example, they had some features that were not supported by older clients. There are the clients that are running on the laptops, and there are the Management Stations, and then we had one on-premise, which was older in terms of the clients that we were running. Then we had the new Management Station in the Cloud that Check Point is administering as it is a SaaS, which is a benefit.
The newer Management Station has features that it enforced on the clients that the clients weren't able to support. For example, Windows Service or Windows Subsystem Linux. Everyone in my company that uses Windows Subsystem Linux, which is about 15 or 20 people, that need it on a daily basis, were running the older clients of course, as they were migrated over the new Management Station and they weren't allowed to use that. It was being blocked automatically due to the fact that that was the new policy being enforced that was literally a tick box in the new Management Station that I didn't set. Even if I enabled WSL, it didn't matter. The older clients couldn't take advantage of the new newer Management Station telling them to use it. That was annoying trying to troubleshoot that and figure it out. tNo one at Check Point really knew that was the problem. It took a while to resolve. We finally figured out upgrading may solve the problem. When we did that, we upgraded those users, however, that created a little bit of an issue in the company, as we upgraded those users. We like to test them with a small group and make sure they're stable and make sure nothing weird happens. We were forced to upgrade them without testing first.
One thing they still haven't improved on from the old Management Station to the new Management Station, which should totally be an improvement, is when you create a Site List for the VPN clients and you deploy it from the Management Station, you are not able to get that Site List. You have to play around with something called the Track File, which is a miserable process. You have to download the client, decrypt the Track File, edit it, then upload it again to the Management Station and download the client a second time and then test it and make sure the Track File's in the right order of sites as well, due to the fact that it's kind of random how it decides to order the Site List. The Site List is what the clients use to connect to the VPN Gateway, and if you have more than one gateway, for example, for disaster recovery, which we do, then they'll need that list.
It's something they've never improved on, which I was hoping by going to the cloud and having this whole thing recreated. Since it's more advanced I thought they'd have that ability to edit the Site List with the initial download. You should be able to just add the sites and then that's it. That kind of sucks that you can't.
Other than that, the only other thing I could complain about was that they did this process where they did some type of certificate update on the backend of all of their staff solutions. That created downtime for our VPN clients and they didn't notify us of the certificate update. We're using the product in their cloud as opposed to their product on-premise, which seemed to be more stable in that regard. They didn't communicate that out. However, when we spoke to support after about a week, they told us there was this thing they did the past week, and that's the reason why we had that problem. Everyone that had that product had that problem. That really wasn't ideal.
For how long have I used the solution?
I've been using the solution for about a year. Maybe a little bit more.
We've been a Check Point shop for approximately 15 years. We're very well versed in Check Point.
What do I think about the scalability of the solution?
Seeing that it's in the Cloud, I think it's very scalable and I am impressed with that aspect of it.
For this solution, in particular, we are using 100% of the Cloud VPN Management Station and all users are phoning home up into the cloud. We're going to stick with it unless they have some severe outages or certificate updates without telling us like they did last time. Right now, there's no reason for us to change and I'm very pleased with the product.
How are customer service and support?
To set it up, we relied heavily on technical support as it was new. That said, it's really the same ball of wax, so we're good now. It was just the initial setup we needed help with as it was new to us. We hadn't done much. We had to learn how to connect our software clients to the cloud. We had to use special cloud keys that were proprietary to Check Point. It's like learning a new suite from Check Point.
We literally got on this as it was cutting edge. We're like one of their first customers using their SaaS. We were using their VPN and Smart-1 Cloud before most people. When we were setting it up, we're setting it up with their actual product engineers or whatever. It was interesting.
They changed it a lot since we started setting it up.
I'd call them to their support and they didn't even know about anything due to the fact that the support wasn't even trained on the cloud yet. They weren't even trained on their Smart-1. They would just say "we don't know about that yet and/or we can't help you." It was kind of funny. I told our sales team that and they got pissed.
They called them and they're like, no one should ever tell the customer that you don't know about this yet and it became a big deal in Check Point.
That said, I'd rate their service as pretty high. I respect those in the endpoint or firewall department as they largely understand what's going on. At the same time, they do need to get people more people trained up. They don't seem to have trouble keeping people around for a few years so that they learn.
How was the initial setup?
After signing up with Check Point, the migration of users took about a month and a half.
We had to build out the Management Station in Check Point too and that took from probably January to almost July as we had to build it from scratch. They didn't have a migration tool for our current policy, as it enforces firewall policy on the endpoints locally on the local firewall and that wasn't ideal. We had to build that whole Management Station from scratch.
I had to go back and forth between the on-premise Management Station and the Cloud Management Station and literally look at every single feature, every single function, every single rule. I had to recreate every single object. I had to recreate every single everything. That took a very long time.
It was very manual. It's literally two screens and comparing items. That took a couple of months while doing other things, of course. However, that was my priority for about a month and a half. I worked on that a lot. I wish they had a migration tool, like a migrate export for the policy and the features. Once that was created, however, everything pretty much worked. That said, there were a couple of caveats.
What other advice do I have?
We're customers of Check Point.
I've been working on setting it up and migrating users from the on-premise platform since January of this year. This is their Cloud Endpoint, VPN Management Station versus their on-premise VPN Management Station for Endpoint. We had to migrate the users from the on-premise version using a special tool that you have to ask them to make, which is kind of weird, however, their product is so new that that's the way that they do it. I had to deploy that tool to all the users in our company and that switched them over to their Cloud Management Station.
I'd rate the solution at an eight out of ten. There's room for improvement, however, I respect it and it works well.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Specalist at vTech Solution
Constantly updated with good zero-day prevention and excellent prevention capabilities
Pros and Cons
- "Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today's complex threat landscape."
- "They could improve memory consumption."
What is our primary use case?
Check Point Endpoint Security is to protect our employee endpoints as we're currently working from home. The user is totally unaware of the cyber threats, so the basic functionality of endpoint security provides a lot more security. With it, any threat attack can be rebuffed. Any user downloading any suspicious data from the web will first have Check Point scan it deeply. If there's malware then it quarantines it. Otherwise, the user can access it. We're using it on a primary basis. We don't have any other solutions in place apart from the Check Point.
How has it helped my organization?
Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today's complex threat landscape.
It prevents the most imminent threats to the endpoint such as ransomware, phishing, or drive-by malware, while quickly minimizing breach impact with autonomous detection and response. That's how our organization improved its security. Before that, we didn't have the security to prevent such threats as ransomware, phishing, etc. Due to that, our IT environment is more secure and business has also increased.
What is most valuable?
The product offers advanced anti-malware and antivirus protection to protect, detect, and correct malware across multiple endpoint devices and operating systems. Proactive web security is available to ensure safe browsing on the web. Data classification and data loss prevention are there to prevent data loss and exfiltration.
SandBlast Agent defends endpoints and web browsers with a complete set of real-time advanced browser and endpoint protection technologies, including Threat
Emulation, Threat Extraction, Anti-Bot, and Zero Phishing.
The zero-day prevention is very valuable.
What needs improvement?
Personally, I'm looking forward to separating server management policies. They could improve memory consumption. Once we installed a CP agent in our system, we found that it was consuming more memory. Even a normal configuration system can be hung.
Malware detection is an add-on plan that can't be added on. It's the most important part of endpoint security. There's a forensic addon which is very important after threat hunting against attacks.
For how long have I used the solution?
I've been using this solution for two years.
What do I think about the stability of the solution?
I haven't seen any corruption on the agent side. It's stable.
What do I think about the scalability of the solution?
It's scalable. It always updates its malware database for security concerns on a daily basis
How are customer service and support?
Technical support is good. You can raise a ticket with the CP support portal and a technician will contact you based on the severity.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I didn't have that much experience with anything else. When I was joined, our company was using the same solution.
How was the initial setup?
The solution's initial setup is straightforward. Even new users can handle the process with help of online guidelines.
What about the implementation team?
We used a vendor team and they were experts in what they were doing.
What was our ROI?
As a security solution, of course, it gives back lots of return on investment.
What's my experience with pricing, setup cost, and licensing?
The setup cost is nothing. The licensing is costly due to the fact that, in return, it's giving the best security.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Presales Engineer at Data Warden
Robust and reliable with a useful Full Disk Encryption feature
Pros and Cons
- "There's the possibility of being able to do the administration from the Check Point portal, maintaining control and visibility of the different security events at all times."
- "They could be focused on the analysis of USB devices."
What is our primary use case?
We started using the product months before the start of the pandemic. It is a robust solution for the protection of endpoints. It contains the classic antivirus, however, it has anti-bot and disk encryption functions (FDE) as well as the integration of a sandboxing for the consultation and download of files in a safe way (whether they are downloaded from a page or from an email).
It is a very complete tool for users who need to be able to connect from home or some other public access point since it has a VPN service, in addition to different layered-in security solutions.
How has it helped my organization?
The addition of Check Point's Harmony Endpoint as the main security tool for the company's collaborators has represented a reliable source of security since updates can be executed automatically or manually, as may be required.
There's the possibility of being able to do the administration from the Check Point portal, maintaining control and visibility of the different security events at all times.
Admin users are able to access an adjustable dashboard that shows the most relevant information about the status of the endoints and the statistics of threats found.
What is most valuable?
Without a doubt, the best security feature is Full Disk Encryption (FDE). In cases where the endpoint is stolen or lost, you are sure that the information will not be accessible without the access password being the correct, maintaining the confidentiality of files at all times.
In addition, if someone tries to extract the physical disk and places it as a removable disk in a PC, they will not have access to the information either, since the files are still encrypted, ensuring that this method of extracting the information does not work without the decryption key.
What needs improvement?
They could be focused on the analysis of USB devices. It has the ability to block the use of USB storage memories until it is completely scanned for any virus or threat. We need to ensure that the USB device will not be available until the scan has been completed, however, this may represent a malfunction when using other tools such as Rufus, as, by blocking access to USB drives, Harmony Endpoint will block access to these drives, thus Rufus will not be properly detecting USB drives and therefore it cannot operate properly.
For how long have I used the solution?
I've used the solution for one year and eight months.
What do I think about the stability of the solution?
I have had almost no problems with the execution of the software agent and it is very useful when I need to do research on the internet.
What do I think about the scalability of the solution?
It is fully scalable by scheduling updates from the console. When the agent is updated it will be necessary to update the PC, however.
How are customer service and support?
As a user, I have not had contact with the manufacturer's technical support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We did not use a different solution.
How was the initial setup?
Although it is an intuitive configuration, due to the variety of blades available, it may take some time to complete the configuration. Everything will depend on the number of blades a company needs to configure.
What about the implementation team?
We handled the implementation in-house.
What's my experience with pricing, setup cost, and licensing?
Licensing is based on sizing and based on the number of users and the desired security blades. All versions include access to the Check Point web portal for administration.
Which other solutions did I evaluate?
We did not evaluate other options.
What other advice do I have?
By acquiring this tool, companies will have a robust and reliable solution for endpoint protection.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of IT at a real estate/law firm with 11-50 employees
Very easy to deploy and has good stability
Pros and Cons
- "The biggest value we found was ease of deployment. I haven't really used it much, so I can't really comment beyond that. I haven't used it much, but it's working."
- "I'd also love to see them add full MDM support, but I appreciate that that's not the product market. If it did come in, I'd be more than happy to look at additional modules. It was probably one of the easiest products I've ever had to deploy it, but if it's not capable of doing MD, then that's going to impact its usefulness to us."
What is our primary use case?
We use it primarily for mobile phones. That is it. We really aren't using it in depth at all. We're using it just with basic configuration.
What is most valuable?
The biggest value we found was ease of deployment. I haven't really used it much, so I can't really comment beyond that. I haven't used it much, but it's working.
What needs improvement?
It isn't exactly the cheapest, but then it's Check Point. The price could be improved.
I'd also love to see them add full MDM support, but I appreciate that that's not the product market. If it did come in, I'd be more than happy to look at additional modules. It was probably one of the easiest products I've ever had to deploy it, but if it's not capable of doing MD, then that's going to impact its usefulness to us.
For how long have I used the solution?
We've been using this solution for about three months.
What do I think about the stability of the solution?
I haven't had any problems with the stability of the solution.
What do I think about the scalability of the solution?
We've had no issues with scalability so far. We're not using it very extensively at all. I use it for less than 30 people. It's not like we're using it on thousands and thousands of machines, but I don't foresee any issues with it if we did.
We have less than 30 users, currently. I think there are 15 active at the moment. I've got 15 more licenses to buy, but we're not going to be doing that until after Christmas. We're not in any rush for those.
How are customer service and technical support?
I haven't needed them. I haven't spoken to them. It really was that simple. It's like buying a microwave meal. You read the instructions, which there are not a lot of, and it works.
How was the initial setup?
The initial setup was easier than anything. It took 20 minutes. I was actually on a holiday and I liked it. I set it up and deployed it all from a mobile phone on a beach. It's that easy.
I didn't need any outside help, apart from the people I bought it from, who actually requested the portal and I got an email address and a password. I got a username or password through my email address and then I had to do everything else myself and it was so easy. It's ridiculous.
What's my experience with pricing, setup cost, and licensing?
I bought them for 12 months and I genuinely cannot remember what I paid for them. I think it's about 100 pounds per user per year, so about 10 pounds a month per person.
What other advice do I have?
It's very basic from what I see. It's not a full MDM solution and it's restricted with other MDM provisions. If you want to use an MDM with it to do other things like your email provisioning to mobile devices, you don't have very many options. I think it's AirWatch, MobileIron, Intune, or SOTI: only the most expensive products. If you want to look at something a little bit cheaper, you've got to pay through the nose. You can't have a cheaper solution as an MDM and run this concurrently. That's why they need to look at integrating with more MDM vendors.
Other than that, it's okay. It does what it needs to do and it's going to tick a box that protects me for the next 12 months until I'm ready for the next project, which I am not yet. I'm one man trying to deal with 140 users across five different countries. So, I'm flat out and I don't have some time to do all the other bits.
The biggest lesson I learned is just because it's expensive, it's not always the best. If you want it to integrate with other products, though, you've got to pay a lot of money for other products as well. That's the only issue that I've got with that.
I would rate this solution as eight out of ten, purely because there are additional features I'd love to see, but that is it. If you're doing it on the deployment side of things, I'd give it a ten out of ten. If you're looking at the product as a whole, however, there are a few things I think are missing, but only as additional features. Nine out of ten other customers would probably give it a ten out of ten because they don't need the features that I need. For me personally, it is a little bit empty in certain places. There's so much more they could do with that to make it the most awesome market cornering product there is, but it's not there yet.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Check Point Harmony Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Cisco Secure Endpoint
SentinelOne Singularity Complete
Fortinet FortiClient
Cortex XDR by Palo Alto Networks
Microsoft Defender XDR
Elastic Security
Symantec Endpoint Security
Trend Micro Deep Security
Intercept X Endpoint
Trend Vision One Endpoint Security
Trellix Endpoint Security
Kaspersky Endpoint Security for Business
Buyer's Guide
Download our free Check Point Harmony Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Is Check Point's software compatible with other products?
- What is the pricing for Check Point software?
- What is the biggest difference between EPP and EDR products?
- Can Cylance be used with Symantec or Kaspersky endpoint solutions without conflict?
- When evaluating Endpoint Security, what aspect do you think is the most important to look for?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which Endpoint Protection Solution offers Zero Trust (ZTN) as a feature?
- What to choose: an endpoint antivirus, an EDR solution or both?
- Are you aware of SIEM platforms that integrate both Active Directory auditing and security monitoring tools?
- Which ransomware is the biggest threat in 2020?
Harmony Endpoint is an endpoint security solution built to protect the remote workforce from today's complex threat landscape. It prevents potential threats to the endpoint, such as ransomware, phishing, or malware redirection, while quickly minimizing breach impact with its autonomous detection and response capability. This way, your organization gets all the endpoint protection it needs in a quality, efficient and cost-effective solution it deserves.